Researchers reveal that AI can link anonymous online accounts to real identities, raising serious privacy concerns. Discover the implications for internet users.
When large language models (LLMs) first became public, they promised to draft emails, answer trivia, and generate code easily. However, researchers quickly realized these tools could threaten online anonymity. A recent study by Simon Lermen and Daniel Paleka showed that an LLM could link anonymous online accounts to real identities using just a few harmless details.
The experiment started with a fake profile mentioning “struggling at school” and walking a dog named Biscuit in “Dolores Park.” These details seemed innocuous—no phone numbers or direct identifiers. Yet, when researchers used a publicly available LLM to gather information, the model searched Twitter, Instagram, public forums, and local news. Within minutes, it identified a college student who had posted a photo of Biscuit at Dolores Park, shared similar academic concerns, and appeared in a local newspaper’s “student of the month” column. The model expressed a “high degree of confidence” in this match, effectively de-anonymizing the account.
This finding is concerning not just because of one successful match, but because it lowers the barrier for malicious actors. Previously, breaching privacy required specialists to manually gather data over weeks. Now, anyone with an internet connection and a free LLM can achieve similar results. Lermen and Paleka argue this shift demands a “fundamental reassessment of what can be considered private online,” as the dynamics of privacy attacks have changed dramatically.
How AI Matches Profiles to Identities
The de-anonymization process relies on the LLM’s ability to connect various data points. When prompted, the model doesn’t just find keyword matches; it synthesizes context, infers relationships, and ranks candidates by likelihood. The researchers identified three stages that even low-skill adversaries can replicate.
This finding is concerning not just because of one successful match, but because it lowers the barrier for malicious actors.
The first stage is exhaustive crawling. Modern LLMs can work with simple web-scraping scripts to gather public posts, profile bios, image captions, and geotagged metadata. Many platforms expose user-generated content through public APIs, allowing the model to create a “profile fingerprint” made up of phrases, locations, hobbies, and timestamps. In the “Dolores Park” example, the model collected tweets about the park, Instagram stories featuring a dog, and Reddit threads discussing school stress—all from accounts with overlapping timelines.
Cross-Modal Correlation
After assembling the data, the LLM uses its knowledge base—trained on billions of web pages—to recognize that “Biscuit” is likely a dog’s name and that “Dolores Park” is a specific location. By mapping these connections to public records, the model can create a shortlist of individuals who meet multiple criteria. This process resembles Bayesian inference: each matching attribute increases the likelihood that a candidate is the true identity.
Confidence Scoring and Human-In-The-Loop
Even with sophisticated inference, the model may produce several plausible matches. To resolve this, LLMs assign confidence scores based on the density and uniqueness of overlapping data. In the study, the highest-scoring candidate shared three rare coincidences—a dog named Biscuit, a recent post about school challenges, and a geotagged photo at Dolores Park—allowing the model to declare the match with “high confidence.” An adversary could automate this scoring, flagging only matches above a certain threshold to reduce false positives without manual checks.
However, the researchers note that this technique isn’t foolproof. If an anonymous user has a sparse or fragmented digital footprint, the model may return many potential matches or none at all. Still, the fact that a publicly accessible LLM can reliably de-anonymize accounts in many cases changes the threat landscape.
Implications for Privacy: What This Means for Everyday Users
The loss of online anonymity affects everyone. The idea that a casual comment about a pet or a favorite coffee shop could be pieced together into a full identity profile poses real risks.
Confidence Scoring and Human-In-The-Loop Even with sophisticated inference, the model may produce several plausible matches.
Targeted cyber-attacks. Once attackers know who you are, they can craft phishing emails that reference your real-life details, increasing their chances of success. Personalization boosts click-through rates, and AI-driven de-anonymization provides this data at scale.
Identity theft and financial fraud. Many banks still use “knowledge-based authentication,” asking users to confirm past addresses or pet names. If an LLM can find these answers from public posts, the protective value of such questions disappears, exposing users to attacks.
Chilling effects on free expression. Anonymity has historically protected whistleblowers and marginalized voices. Knowing that a seemingly harmless post could reveal one’s identity may deter participation in online discussions, limiting the exchange of ideas.
Professional reputational risk. Employers increasingly check social media for background information. A de-anonymized profile revealing controversial opinions or personal struggles could negatively impact hiring decisions, even if the original post was meant to be private.
Trust in digital platforms relies on an implicit contract: users share information believing their privacy will be respected. When algorithms can easily break this trust, the foundation of that relationship collapses. Policymakers, platform operators, and the public must confront a new reality where “private” no longer means “unpublished.”
Emerging mitigation strategies are in their early stages. Some platforms are testing “synthetic anonymity” layers to introduce noise into public metadata, making precise matching harder. Others call for stricter API access controls and the creation of “privacy-preserving LLMs” that limit cross-modal inference. However, as Lermen and Paleka warn, the technology’s affordability means any regulatory delays will be quickly exploited.
AI & Technology
AI & Technology
